Dependabot updates for January 2024 (#2865)

* Bump dotnet/sdk in /Backend
* Bump dotnet/aspnet in /Backend
* Bump node from 18.18.2-bookworm-slim to 18.19.0-bookworm-slim
* Bump actions/setup-node from 4.0.0 to 4.0.1
* Bump actions/setup-python from 4.7.1 to 5.0.0
* Bump actions/download-artifact from 3 to 4
    * upload-artifact must be updated as well
* Bump github/codeql-action from 2.22.8 to 3.22.12
* Bump actions/setup-dotnet from 3.2.0 to 4.0.0
* Bump @types/node from 20.9.0 to 20.10.6
* Bump @testing-library/user-event from 14.5.1 to 14.5.2
* Bump @loadable/component and @types/loadable__component
* Bump @testing-library/react from 14.1.0 to 14.1.2
* Bump @types/react from 18.2.37 to 18.2.46
* Update Python dependencies
* Update MongoDB and SIL packages in Backend
* Update license reports

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: D. Ror <imnasnainaec@gmail.com>

.github/workflows/backend.yml

@@ -37,7 +37,7 @@ jobs:
             objects.githubusercontent.com:443
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Setup dotnet
-        uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
+        uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0
         with:
           dotnet-version: ${{ matrix.dotnet }}
       - name: Install ffmpeg
@@ -48,7 +48,7 @@ jobs:
         run: dotnet test Backend.Tests/Backend.Tests.csproj
         shell: bash
       - name: Upload coverage artifact
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           if-no-files-found: error
           name: coverage
@@ -85,7 +85,7 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Download coverage artifact
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: coverage
       - name: Upload coverage report
@@ -125,23 +125,23 @@ jobs:
       # Manually install .NET to work around:
       # https://github.com/github/codeql-action/issues/757
       - name: Setup .NET
-        uses: actions/setup-dotnet@3447fd6a9f9e57506b15f895c5b76d3b197dc7c2 # v3.2.0
+        uses: actions/setup-dotnet@4d6c8fcf3c8f7a60068d26b594648e99df24cee3 # v4.0.0
         with:
           dotnet-version: "6.0.x"
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
+        uses: github/codeql-action/init@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
         with:
           languages: csharp
       - name: Autobuild
-        uses: github/codeql-action/autobuild@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
+        uses: github/codeql-action/autobuild@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
       - name: Upload artifacts if build failed
         uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
         if: ${{ failure() }}
         with:
           name: tracer-logs
           path: ${{ runner.temp }}/*.log
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
+        uses: github/codeql-action/analyze@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
 
   docker_build:
     runs-on: ubuntu-22.04

.github/workflows/codeql.yml

@@ -63,7 +63,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
+        uses: github/codeql-action/init@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -76,7 +76,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, Go, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
+        uses: github/codeql-action/autobuild@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
 
       # Command-line programs to run using the OS shell.
       # See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -89,6 +89,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
+        uses: github/codeql-action/analyze@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/frontend.yml

@@ -31,7 +31,7 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
         with:
           node-version: ${{ matrix.node-version }}
       - run: npm ci
@@ -60,15 +60,15 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@8f152de45cc393bb48ce5d89d36b731f54556e65 # v4.0.0
+        uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8 # v4.0.1
         with:
           node-version: ${{ matrix.node-version }}
       - run: npm ci
       - run: npm run test-frontend:coverage
         env:
           CI: true
       - name: Upload coverage artifact
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           if-no-files-found: error
           name: coverage
@@ -95,7 +95,7 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Download coverage artifact
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           name: coverage
       - name: Upload coverage report

.github/workflows/pages.yml

@@ -26,7 +26,7 @@ jobs:
             github.com:443
             pypi.org:443
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-      - uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
+      - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
         with:
           python-version: 3.11
       - name: Install dependencies

.github/workflows/python.yml

@@ -30,7 +30,7 @@ jobs:
             pypi.org:443
       - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@65d7f2d534ac1bc67fcd62888c5f4f3d2cb2b236 # v4.7.1
+        uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
         with:
           python-version: ${{ matrix.python-version }}
       - name: Install dependencies

.github/workflows/scorecards.yml

@@ -89,6 +89,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@407ffafae6a767df3e0230c3df91b6443ae8df75 # v2.22.8
+        uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
         with:
           sarif_file: results.sarif

Backend.Tests/Backend.Tests.csproj

@@ -13,7 +13,7 @@
   </PropertyGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
-    <PackageReference Include="NUnit" Version="4.0.0" />
+    <PackageReference Include="NUnit" Version="4.0.1" />
     <PackageReference Include="NUnit3TestAdapter" Version="4.5.0" />
     <PackageReference Include="coverlet.collector" Version="6.0.0"/>
     <PackageReference Include="coverlet.msbuild" Version="6.0.0"/>

Backend/BackendFramework.csproj

@@ -17,23 +17,23 @@
     <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="6.33.0" />
     <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="6.33.0" />
     <PackageReference Include="Swashbuckle.AspNetCore" Version="6.5.0" />
-    <PackageReference Include="MongoDB.Driver" Version="2.22.0" />
+    <PackageReference Include="MongoDB.Driver" Version="2.23.1" />
     <PackageReference Include="MailKit" Version="4.3.0" />
     <PackageReference Include="Xabe.FFmpeg" Version="5.2.6"/>
 
     <!-- SIL Maintained Dependencies. -->
     <PackageReference Include="icu.net" Version="2.9.0" />
     <PackageReference Include="Icu4c.Win.Full.Lib" Version="62.2.1-beta" />
-    <PackageReference Include="SIL.Core" Version="12.0.1" />
-    <PackageReference Include="SIL.Core.Desktop" Version="12.0.1">
+    <PackageReference Include="SIL.Core" Version="13.0.0" />
+    <PackageReference Include="SIL.Core.Desktop" Version="13.0.0">
       <NoWarn>NU1701</NoWarn>
     </PackageReference>
-    <PackageReference Include="SIL.DictionaryServices" Version="12.0.1">
+    <PackageReference Include="SIL.DictionaryServices" Version="13.0.0">
       <NoWarn>NU1701</NoWarn>
     </PackageReference>
-    <PackageReference Include="SIL.Lift" Version="12.0.1">
+    <PackageReference Include="SIL.Lift" Version="13.0.0">
       <NoWarn>NU1701</NoWarn>
     </PackageReference>
-    <PackageReference Include="SIL.WritingSystems" Version="12.0.1" />
+    <PackageReference Include="SIL.WritingSystems" Version="13.0.0" />
   </ItemGroup>
 </Project>

Backend/Dockerfile

@@ -1,5 +1,5 @@
 # Docker multi-stage build
-FROM mcr.microsoft.com/dotnet/sdk:6.0.416-focal-amd64 AS builder
+FROM mcr.microsoft.com/dotnet/sdk:6.0.417-1-focal-amd64 AS builder
 WORKDIR /app
 
 # Copy csproj and restore (fetch dependencies) as distinct layers.
@@ -11,7 +11,7 @@ COPY . ./
 RUN dotnet publish -c Release -o build
 
 # Build runtime image.
-FROM mcr.microsoft.com/dotnet/aspnet:6.0.24-focal-amd64
+FROM mcr.microsoft.com/dotnet/aspnet:6.0.25-focal-amd64
 
 ENV ASPNETCORE_URLS=http://+:5000
 ENV COMBINE_IS_IN_CONTAINER=1

Dockerfile

@@ -16,7 +16,7 @@ COPY docs/user_guide docs/user_guide
 RUN tox -e user-guide
 
 # Frontend build environment.
-FROM node:18.18.2-bookworm-slim AS frontend_builder
+FROM node:18.19.0-bookworm-slim AS frontend_builder
 WORKDIR /app
 
 # Install app dependencies.

deploy/requirements.txt

@@ -4,9 +4,9 @@
 #
 #    pip-compile requirements.in
 #
-ansible==9.0.1
+ansible==9.1.0
     # via -r requirements.in
-ansible-core==2.16.0
+ansible-core==2.16.2
     # via ansible
 cachetools==5.3.2
     # via google-auth
@@ -22,7 +22,7 @@ cryptography==41.0.7
     # via
     #   ansible-core
     #   pyopenssl
-google-auth==2.24.0
+google-auth==2.25.2
     # via kubernetes
 idna==3.6
     # via requests
@@ -78,5 +78,5 @@ urllib3==1.26.18
     # via
     #   kubernetes
     #   requests
-websocket-client==1.6.4
+websocket-client==1.7.0
     # via kubernetes

dev-requirements.txt

@@ -4,15 +4,15 @@
 #
 #    pip-compile dev-requirements.in
 #
-attrs==23.1.0
+attrs==23.2.0
     # via
     #   flake8-bugbear
     #   flake8-eradicate
-babel==2.13.1
+babel==2.14.0
     # via mkdocs-material
 beautifulsoup4==4.12.2
     # via mkdocs-htmlproofer-plugin
-black==23.11.0
+black==23.12.1
     # via -r dev-requirements.in
 cachetools==5.3.2
     # via
@@ -41,7 +41,7 @@ cryptography==41.0.7
     # via
     #   pyopenssl
     #   types-pyopenssl
-distlib==0.3.7
+distlib==0.3.8
     # via virtualenv
 dnspython==2.4.2
     # via pymongo
@@ -61,21 +61,21 @@ flake8==6.1.0
     #   pep8-naming
 flake8-broken-line==1.0.0
     # via -r dev-requirements.in
-flake8-bugbear==23.11.28
+flake8-bugbear==23.12.2
     # via -r dev-requirements.in
 flake8-comprehensions==3.14.0
     # via -r dev-requirements.in
 flake8-eradicate==1.5.0
     # via -r dev-requirements.in
 ghp-import==2.1.0
     # via mkdocs
-google-auth==2.24.0
+google-auth==2.25.2
     # via kubernetes
 humanfriendly==10.0
     # via -r dev-requirements.in
 idna==3.6
     # via requests
-isort==5.12.0
+isort==5.13.2
     # via -r dev-requirements.in
 jinja2==3.1.2
     # via
@@ -108,13 +108,13 @@ mkdocs==1.5.3
     #   mkdocs-static-i18n
 mkdocs-htmlproofer-plugin==1.0.0
     # via -r dev-requirements.in
-mkdocs-material==9.4.14
+mkdocs-material==9.5.3
     # via -r dev-requirements.in
 mkdocs-material-extensions==1.3.1
     # via mkdocs-material
 mkdocs-static-i18n==1.2.0
     # via -r dev-requirements.in
-mypy==1.7.1
+mypy==1.8.0
     # via -r dev-requirements.in
 mypy-extensions==1.0.0
     # via
@@ -132,13 +132,13 @@ packaging==23.2
     #   tox
 paginate==0.5.6
     # via mkdocs-material
-pathspec==0.11.2
+pathspec==0.12.1
     # via
     #   black
     #   mkdocs
 pep8-naming==0.13.3
     # via -r dev-requirements.in
-platformdirs==4.0.0
+platformdirs==4.1.0
     # via
     #   black
     #   mkdocs
@@ -160,7 +160,7 @@ pyflakes==3.1.0
     # via flake8
 pygments==2.17.2
     # via mkdocs-material
-pymdown-extensions==10.5
+pymdown-extensions==10.7
     # via mkdocs-material
 pymongo==4.6.1
     # via -r dev-requirements.in
@@ -183,7 +183,7 @@ pyyaml==6.0.1
     #   pyyaml-env-tag
 pyyaml-env-tag==0.1
     # via mkdocs
-regex==2023.10.3
+regex==2023.12.25
     # via mkdocs-material
 requests==2.31.0
     # via
@@ -215,9 +215,9 @@ types-python-dateutil==2.8.19.14
     # via -r dev-requirements.in
 types-pyyaml==6.0.12.12
     # via -r dev-requirements.in
-types-requests==2.31.0.10
+types-requests==2.31.0.20231231
     # via -r dev-requirements.in
-typing-extensions==4.8.0
+typing-extensions==4.9.0
     # via
     #   black
     #   mypy
@@ -226,9 +226,9 @@ urllib3==2.1.0
     #   kubernetes
     #   requests
     #   types-requests
-virtualenv==20.24.7
+virtualenv==20.25.0
     # via tox
 watchdog==3.0.0
     # via mkdocs
-websocket-client==1.6.4
+websocket-client==1.7.0
     # via kubernetes